
Anti-Botnet Website abuse.ch Becomes Target of SpyEye’s DDoS Assault

According to the FraudAction Research Lab of the security company RSA, cyber-criminals using the SpyEye and Zeus exploit kits have attacked abuse.ch, a website of Swiss origin that spots malicious domains. Understandably so: abuse.ch has been detecting fraudulent ISPs as well as harmful URLs serving banker Trojans.

RSA stated that the miscreants were employing new plug-ins created with the most recent samples of the SpyEye Trojan. SpyEye, a kit for developing crimeware, appeared in late 2009 and immediately began competing with the Zeus crimeware kit. The miscreants responsible for Zeus had either given away their source code for a price or merged it with SpyEye, so malware was now being developed from both code bases to infect PCs, capture credentials and steal from bank accounts.

Additionally, RSA stated that the cyber-crooks purposely injected genuine domains into SpyEye's configuration files to throw off the website's domain blocklists. Consequently, the service could hardly distinguish the genuine domains from the malicious ones, the security company believed. eWeek.com published this on March 10, 2011.

Evidently, this implied that whatever the SpyEye botnet's Trojan gathered, from usernames and passwords to screenshots, cookies and certificates, would be transmitted not only to the rogue command-and-control servers but also to the genuine websites. Moreover, those watching over abuse.ch might track all that data and conclude that those domains were malicious too, thereby weakening their authenticity as well as efficacy, the investigators stated.

Meanwhile, in an e-mail, Paul Vixie, President of the Internet Systems Consortium and creator of BIND, the well-known domain name server, indicated that abuse.ch was one of only a few reputable services that helped trace rogue traffic. SearchSecurity.com published this on March 9, 2011.

Vixie said that for the highly reputed abuse.ch to be attacked in this way, the website needed to have had only limited and occasional success in getting cyber-criminals thrown off Internet Service Providers. By that measure, according to him, abuse.ch was far more capable, and far more deserving of the crooks' DDoS assaults, than it needed to be, and it was rather puzzling that the site wasn't targeted more often.
